I'm fairly sure I know the answer to this, but wanted to confirm - I was doing work on a customers site, and ran into a Google flag for malware (site includes portions from a site beginning proto... that I can't remember) - I continued and finished what I was doing (just changing a setting) - last I checked, drive-by infections didn't really "work" on macs.

I cleared all of my cache and am about to run a clamXAV scan, but there's no cause for concern here is there? The gist of my question essentially, is whether it is possible for external scripts to operate maliciously (in any way) on my machine without my admin password / choosing to install them (obviously, neither of which I did).